CVE-2013-2111

Name of the Vulnerable Software and Affected Versions Dovecot versions prior to 2.2.2

Description The issue concerns the IMAP functionality in Dovecot, where an error in the implementation allows remote attackers to cause a denial of service. This can be achieved by sending a specially crafted network packet with an invalid APPEND parameter, which leads to an infinite loop and CPU consumption. The vulnerable component is related to the /imap/cmd-append.c file.

Recommendations For versions prior to 2.2.2, update to version 2.2.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the IMAP functionality to minimize the risk of exploitation. Avoid using the APPEND parameter in the affected IMAP endpoint until the issue is resolved.